On 6 Jul 2010, at 12:36, Bertrand Delacretaz wrote:

> On Tue, Jul 6, 2010 at 12:53 PM, Ian Boston <[email protected]> wrote:
>> The data protection policy that is driving this is that, we have 50K
>> users, all with user IDs we have to
>> prevent anyone from getting a list of the user IDs, but still allow someone
>> who knows the user ID to access
>> the content. It's the same as the UserDir module in Apache httpd, i.e. /~ieb
>
> The best might then be to reproduce that using a UserDir servlet?

We could do, however we need to provide the entire Sling Engine (all methods, selectors, extensions) underneath the /home/~ieb URL, and the last time I tried to do this with a dynamic virtual path it ended in abject failure as it became impossible to remap and re-dispatch internal requests.

>
> Keep restricted permissions on the real /_user path, and map this
> UserDir servlet to the /home/~* so that it can internally map paths
> like /home/~ieb/foo/bar.pdf to /_user/ieb/foo/bar.pdf while not
> exposing more than needed.
>
> The next problem then is mapping that to WebDAV operations, might be
> more problematic. But IIUC this access is read-only anyway, so just
> HTTP might be sufficient.

WebDAV is also a major problem as it's the list of user IDs that has to be read only, and PROPFIND on /_user is going to find them.

Permissions look good, however since JCR spec does not discriminate between getNode and listChildNodes from an AccessManager point of view (and IIRC the Sling Resolver does need to be able to read all elements of the path), it's a non-starter. I am looking at a plugin mechanism of ItemFilter at the moment.

Ian

>
> -Bertrand
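
The get-versus-list distinction discussed in this thread, as an added example that is not part of the original messages and is not Sling or Jackrabbit code. It uses a toy in-memory tree; the `ItemFilter` interface, `Repo` class and the `alice` and `admin` names are assumptions made for illustration, with only the name "ItemFilter" and the `/_user/ieb/foo/bar.pdf` path borrowed from the thread.

```java
import java.util.*;

// Added illustration: a toy in-memory tree, not the JCR or Sling API.
public class ListVsGetDemo {

    // Hypothetical hook: lookup by exact path and child listing are decided separately.
    interface ItemFilter {
        boolean canGet(String user, String path);
        boolean canList(String user, String parentPath);
    }

    static final class Repo {
        private final Map<String, SortedSet<String>> children = new HashMap<>();
        private final ItemFilter filter;

        Repo(ItemFilter filter) { this.filter = filter; }

        // Register a node and every ancestor up to the root.
        void add(String path) {
            int cut = path.lastIndexOf('/');
            String parent = cut == 0 ? "/" : path.substring(0, cut);
            children.computeIfAbsent(parent, k -> new TreeSet<>()).add(path.substring(cut + 1));
            children.computeIfAbsent(path, k -> new TreeSet<>());
            if (cut > 0) add(parent);
        }

        // Direct lookup: "denied" and "absent" produce the same answer.
        boolean getNode(String user, String path) {
            return children.containsKey(path) && filter.canGet(user, path);
        }

        // Listing: a parent the caller may traverse can still return no names.
        List<String> listChildren(String user, String path) {
            if (!getNode(user, path) || !filter.canList(user, path)) return List.of();
            return new ArrayList<>(children.get(path));
        }
    }

    public static void main(String[] args) {
        Repo repo = new Repo(new ItemFilter() {
            public boolean canGet(String user, String path) { return true; }
            public boolean canList(String user, String parent) {
                return !parent.equals("/_user") || user.equals("admin");
            }
        });
        // Constructed sample content; "ieb" is the only user ID taken from the thread.
        for (String p : new String[] {"/_user/ieb/foo/bar.pdf", "/_user/alice/cv.pdf"}) repo.add(p);

        System.out.println(repo.getNode("guest", "/_user/ieb/foo/bar.pdf")); // path resolves for a known ID
        System.out.println(repo.listChildren("guest", "/_user"));           // listing of the user root
        System.out.println(repo.listChildren("guest", "/_user/ieb"));       // listing below one user
        System.out.println(repo.listChildren("admin", "/_user"));           // privileged listing
    }
}
```

Every path element stays resolvable, which is what the resolver needs, while the one parent whose child names are sensitive returns an empty listing to ordinary callers. A PROPFIND-style enumeration would have to go through `listChildren` to be covered by the same decision.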
